On Nov 29 2007 11:27, Jon Masters wrote:
>
>They (virus protection folks) generally think they want to intercept
>various system calls, such as open() and block until they have performed
>a scan operation on the file. I explained the mmap issue [...]
If open and close was everything, then that would be wonderful. You
could only wonder how many false positives scanners could bring up if
they checked every write() for signatures - not to mention
performance bogdown.
>they just want to scan files and take some action if a file is
>"bad". That's it really.
>
struct security->dentry_open sounds like the candidate, together
with relayfs with submits filenames to userspace.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]